On October 11, 2023, cURL released Version 8.4.0 of the cURL utility and the libcurl library. This release addressed two security vulnerabilities:
CVE-2023-38545 – High Security Impact Rating (SIR)
CVE-2023-38546 – Low SIR
This advisory covers CVE-2023-38545 only. For more information about this vulnerability, see the cURL advisory [“https://curl.se/docs/CVE-2023-38545.html”].
This advisory is available at the following link:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-curl-libcurl-D9ds39cV [“https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-curl-libcurl-D9ds39cV”]
Vendor | Product | Version | CPE |
---|---|---|---|
cisco | cisco_adaptive_security_appliance_\(asa\)_software | any | cpe:2.3:a:cisco:cisco_adaptive_security_appliance_\(asa\)_software:any:*:*:*:*:*:*:* |
cisco | crosswork_change_automation | any | cpe:2.3:a:cisco:crosswork_change_automation:any:*:*:*:*:*:*:* |
cisco | secure_network_analytics | any | cpe:2.3:a:cisco:secure_network_analytics:any:*:*:*:*:*:*:* |